How to display other _source fields in a metric aggregation result?

StephaneB · August 2, 2021, 10:53am

Hello,

I'm working on ML job documents with the following fields:

      {
        "_index" : ".ml-anomalies-custom-job_device1",
        "_type" : "_doc",
        "_id" : "job_device1_model_forecast_Gwn4wnoB0F2uUBpmgO6V_1626768000000_900_0_0_0",
        "_score" : 0.0,
        "_source" : {
          "job_id" : "job_device1",
          "forecast_id" : "Gwn4wnoB0F2uUBpmgO6V",
          "result_type" : "model_forecast",
          "bucket_span" : 900,
          "detector_index" : 0,
          "timestamp" : 1626768000000,
          "model_feature" : "'arithmetic mean value by person'",
          "forecast_lower" : 72.46782289572343,
          "forecast_upper" : 73.54060395699805,
          "forecast_prediction" : 73.00421342636075
        }

I create the following min aggregation in order to find the minimal value of the forecast_prediction in all the model_forecast ML job documents :

GET .ml-anomalies*/_search
{
  "size": 1,
  "query": {
    "bool" :{
      "filter": [
        { 
          "query_string":{
            "query": "result_type:model_forecast"
          }
        },
        {"term": { "job_id": "job_device1"}}]
    }
  },
"aggs": {
  "forecast_min": { "min": { "field": "forecast_prediction" } }
  }
}

It leads to the following result:

{
"aggregations" : {
    "forecast_min" : {
      "value" : 72.99105325040645
    }
  }
}

But I woulk like to be able:

to display other fields in order to know what is for example the timestamp associated to the minimal value of this forecast_prediction
to know what is the _id for the document in which the forecast_prediction is the minimum

Is there any way to display something like:

{
"aggregations" : {
    "forecast_min" : {
      "value" : 72.99105325040645,
      "timestamp" : 1626767100000,
      "other_fields_of_the_same_document" : 12345678
      ...
    }
  }
}

spinscale · August 2, 2021, 11:52am

I am not sure you need an aggregation for this? How about sorting by the forecast_prediction field and only returning a single document?

StephaneB · August 2, 2021, 12:43pm

Thanks @spinscale.

Effectively it does the job very easily! I was so obsessed with aggregations....

system · August 30, 2021, 12:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.